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DETAILED ACTION 

Information Disclosure Statement 

1 . The information disclosure statement (IDS) submitted on July 1 7, 2003, is in 
compliance with the provisions of 37 CFR 1 .97. Accordingly, the information disclosure 
statement is being considered by the examiner. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. The computer program product in independent 
claim 15 contains logic in a memory; there is no concrete, tangible, useful, final result. 
The end result of claim 15 (which is non-tangible) is memory with a stored classification 
value. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 
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4. Claims 1. 2, 7-10. 15. and 16 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Juels etal. (U.S. Patent Pub. No. 2002/0029341). 

Regarding claims 1. 9. and 15 . Juels et al. teaches a method/system/computer 
program product of detecting intrusion attempts on a computing system, comprising the 
steps of: 

• Creating a first mapping profile of a valid password (fig. 13); 

• Storing the mapping profile in memory (paragraph 0111); 

• Creating a second mapping profile of an entered password (fig. 15, ref. num 
1510-1524); 

• Calculating a profile score by comparing the first mapping profile to the second 
mapping profile (fig. 15, ref. num 1526); 

• Comparing the profile score to a threshold value (fig. 15, ref. num 1530); and 

• Classifying the entered profile into one of two or more security classifications 
based upon the comparison between the profile score and the threshold value 
(fig. 15, ref. num 1580). 



Regarding claims 2. 10, and 16 . Juels et al. teaches wherein at least one of the 
security classifications represents an intrusion attempt on the computing system 
(paragraph 0147-0149). 
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Regarding claim 7 , Juels et al. teaches wherein the computing system is a 
personal computer (paragraph 0028). 

Regarding claim 8 , Juels et al. teaches wherein the computing system is a 
telephone voice response system (fig. 14, ref. num 1460). 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 3-6, 11-14, and 17-20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Juels etal. (U.S. Patent Pub. No. 2002/0029341) in view of 
Zilberman (U.S. Patent No. 6,442,692). 

Regarding claims 3, 11, and 17 , Juels et al. teaches all the limitations of claim 1 , 
above. However, Juels et al. does not specifically teach the password being entered on 
a keyboard, but rather entering the password through other means, such as clicking 
certain images in an order, or hiding elements on a screen in certain regions (see 
paragraph 0016 of Juels et al.). 
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Zilberman teaches wherein the first mapping step and the second mapping step 
each comprise the steps of: 

• Comparing successive characters of the respective password (table 4); 

• Assigning a value to each pair of successive characters based upon a keyboard 
characteristic corresponding to the pair of successive characters (table 5); and 

• Generating a password mapping for the respective password based upon the 
assigned value (fig. 1). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine comparing successive keyboard inputs, as taught by 
Zilberman , with the method/system/computer program of Juels et al. It would have 
been obvious for such modifications because it is important not only to get the right 
character inputs from the keyboard, but also get the right order. A password of 
"mypassl" is not acceptable if "pylsams" is entered. 

Regarding claims 4, 12, and 18 , Juels et al. as modified by Zilberman teaches 
wherein the keyboard characteristic is the distance between the keys of the keyboard 
representing the pair of characters (see fig. 9 and 10 of Juels et al.). 

Regarding claims 5, 13, and 19 , Juels et al. as modified by Zilberman teaches 
wherein the keyboard characteristic is the likelihood that one of the pair of 
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characteristics is typed on a keyboard when the other key of the pair is intended to be 
typed (see paragraph 0019 of Juels et al.). 

Regarding claims 6, 14 t and 20 , Juels et al. as modified by Zilberman teaches 
wherein the second mapping step further comprise the step of: 

• Comparing the valid password to the entered password (see fig. 15, ref. num 
1 580 of Juels et al.); and 

• Determining when a pair of characters in the entered password are a 
transposition of a corresponding pair of letters in the valid password (see 
paragraph 0018 of Juels et al.); and 

• When there is a transposition, adjusting the profile score (see paragraph 0019 of 
Juels et al.). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is 571- 

272- 3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 



♦ 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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